RBAC (Role-Based Access Control) Documentation

Security policies, audits, and best practices

Role Hierarchy

  1. SUPERUSER - Full system access
  2. TENANT_ADMIN - Full access within their tenant
  3. EDITOR - Can create/edit content within their tenant
  4. VIEWER - Read-only access within their tenant

Permission Matrix

SUPERUSER

  • Access Django Admin (/admin/)
  • TOKEN-BASED ACCESS TO TENANTS (NEW - Security Enhancement):
    • No direct access: superusers CANNOT access tenants without authorization
    • Token required: must use access tokens generated by tenant admins
    • Time-limited: tokens have a 1-24 hour duration set by the tenant admin
    • Revocable: tenant admins can revoke tokens at any time
    • Auto-notification: all superusers receive a notification when a token is created
    • Easy activation: copy the token from the notification and paste it at /dashboard/superuser/activate-token/
    • Full audit trail: all access attempts are logged
    • Alternative: Emergency Access Request system if tenant admins are unavailable
  • All permissions of TENANT_ADMIN (while a token is active)
  • Can manage all tenants, users, and content across the system (via the admin panel)
  • Cannot access tenant dashboards without a valid token

Token Workflow:
1. Tenant admin creates token at /t/{tenant}/dashboard/admin/support-tokens/
2. System sends notification to ALL superusers
3. Superuser receives notification with token and copy button
4. Superuser activates token at /dashboard/superuser/activate-token/
5. Access granted for token duration
6. Token can be revoked anytime by tenant admin
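The workflow above, modelled as an added example in plain Python (this is not the project's own code). The class and field names, the in-memory store, the choice to keep only a SHA-256 hash of the token secret, and the rule that a token binds to the first superuser who activates it are all assumptions made for this example; the 1-24 hour limit, the notification to all superusers, revocation by the tenant admin and the audit log of every access attempt follow the documentation.

```python
# Added illustrative example of the support-token lifecycle; not the project's code.
from __future__ import annotations

import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

MIN_HOURS, MAX_HOURS = 1, 24  # duration range stated in the documentation


@dataclass
class SupportToken:
    tenant: str
    created_by: str                 # tenant admin who issued the token
    expires_at: datetime
    activated_by: Optional[str] = None
    revoked: bool = False


class SupportTokenService:
    """In-memory stand-in for the token workflow (constructed for this example)."""

    def __init__(self, now: Optional[Callable[[], datetime]] = None):
        self._now = now or (lambda: datetime.now(timezone.utc))
        self._tokens: dict[str, SupportToken] = {}   # keyed by sha256(secret)
        self.audit_log: list[dict] = []
        self.notifications: list[dict] = []

    @staticmethod
    def _key(secret: str) -> str:
        # Only a hash of the secret is stored, so a read of the store cannot replay it.
        return hashlib.sha256(secret.encode()).hexdigest()

    def create(self, tenant, tenant_admin, superusers, duration_hours):
        """Steps 1-2: tenant admin issues a token; every superuser is notified."""
        if not MIN_HOURS <= duration_hours <= MAX_HOURS:
            raise ValueError(f"duration must be {MIN_HOURS}-{MAX_HOURS} hours")
        secret = secrets.token_urlsafe(32)
        self._tokens[self._key(secret)] = SupportToken(
            tenant, tenant_admin, self._now() + timedelta(hours=duration_hours))
        for su in superusers:
            self.notifications.append({"to": su, "tenant": tenant, "token": secret})
        self._log("create", tenant, tenant_admin, True)
        return secret

    def _live(self, token: Optional[SupportToken]) -> bool:
        return token is not None and not token.revoked and token.expires_at > self._now()

    def activate(self, secret, superuser) -> bool:
        """Step 4: superuser pastes the token; it is bound to that superuser."""
        token = self._tokens.get(self._key(secret))
        ok = self._live(token) and token.activated_by is None
        if ok:
            token.activated_by = superuser
        self._log("activate", token.tenant if token else None, superuser, ok)
        return ok

    def revoke(self, secret, tenant_admin) -> None:
        """Step 6: tenant admin withdraws the token before it expires."""
        token = self._tokens.get(self._key(secret))
        if token is not None:
            token.revoked = True
        self._log("revoke", token.tenant if token else None, tenant_admin, token is not None)

    def has_tenant_access(self, superuser, tenant) -> bool:
        """Step 5: the only path by which a superuser reaches a tenant dashboard."""
        allowed = any(t.tenant == tenant and t.activated_by == superuser and self._live(t)
                      for t in self._tokens.values())
        self._log("tenant_access", tenant, superuser, allowed)
        return allowed

    def _log(self, action, tenant, actor, success):
        self.audit_log.append({"at": self._now(), "action": action,
                               "tenant": tenant, "actor": actor, "success": success})


def run_demo() -> dict:
    """Walks the lifecycle against a controllable clock and returns the outcomes."""
    clock = [datetime(2024, 1, 1, tzinfo=timezone.utc)]       # constructed fixed clock
    svc = SupportTokenService(now=lambda: clock[0])
    secret = svc.create("acme", "alice", ["root1", "root2"], duration_hours=2)
    out = {"notified": len(svc.notifications),
           "before_activation": svc.has_tenant_access("root1", "acme")}
    out["activated"] = svc.activate(secret, "root1")
    out["after_activation"] = svc.has_tenant_access("root1", "acme")
    out["other_superuser"] = svc.has_tenant_access("root2", "acme")
    out["other_tenant"] = svc.has_tenant_access("root1", "other")
    out["reuse_by_second_superuser"] = svc.activate(secret, "root2")
    clock[0] += timedelta(hours=3)                              # token has now expired
    out["after_expiry"] = svc.has_tenant_access("root1", "acme")
    second = svc.create("acme", "alice", ["root1"], duration_hours=24)
    svc.activate(second, "root1")
    svc.revoke(second, "alice")
    out["after_revoke"] = svc.has_tenant_access("root1", "acme")
    out["denied_logged"] = sum(1 for e in svc.audit_log if not e["success"])
    return out
```

The check that matters for the policy is `has_tenant_access`: there is no branch that grants a superuser entry on the strength of `is_superuser` alone, so expiry and revocation take effect on the next request without any extra session handling. Binding the token to the first activator is one reasonable reading of "all superusers receive the notification"; a deployment that wants several superusers on one token would drop that condition in `activate`.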

TENANT_ADMIN

  • Access tenant dashboard (/t/<slug>/dashboard/)
  • Manage pages (create, edit, delete)
  • Manage posts (create, edit, delete)
  • Manage categories and tags
  • Manage media files
  • Manage users within tenant (create, edit, delete, change roles)
  • Manage tenant settings (name, slug, domain, homepage)
  • View all content (published, draft, archived)
  • MFA Required: tenant admins must enable MFA before accessing the dashboard (policy: POLICY_REQUIRE_MFA_TENANT_ADMIN)
    • Exception: the demo tenant admin (is_demo=True) is exempt
    • First-time login: the user is redirected to MFA setup
    • Dashboard access is blocked until MFA is enabled
  • Max 2 Tenant Admins: policy POLICY_MAX_TENANT_ADMINS limits tenant admins to 2 (one as a break-glass backup)
    • Default: 2 tenant admins per tenant
    • Break-glass mechanism: if one admin leaves, the backup admin still has access
    • If all admins leave: use the Emergency Access Request
  • Cannot access other tenants
  • Cannot access Django Admin (unless also superuser)

EDITOR

  • Access tenant dashboard (/t/<slug>/dashboard/)
  • Create pages
  • Edit pages (OWN ONLY - ownership check implemented)
  • Delete pages (OWN ONLY - ownership check implemented)
  • Create posts
  • Edit posts (OWN ONLY - ownership check implemented)
  • Delete posts (OWN ONLY - ownership check implemented)
  • Upload media files
  • View all content (published, draft, archived)
  • Cannot manage users
  • Cannot manage tenant settings
  • Cannot manage categories/tags (check needed)
  • Cannot access other tenants

VIEWER

  • View published pages and posts (public)
  • Access tenant dashboard (read-only stats)
  • Cannot create/edit/delete any content
  • Cannot manage users
  • Cannot manage tenant settings
  • Cannot access other tenants

Reusable Decorators (IMPLEMENTED)

Permission Decorators

Location: accounts/dyour-domain.com

  1. @require_tenant_access
     • Ensures the user has access to the current tenant
     • Redirects to home if no access
     • Usage: @require_tenant_access

  2. @require_editor
     • Ensures the user is an editor (EDITOR, TENANT_ADMIN, or SUPERUSER)
     • Redirects with an error if not an editor
     • Usage: @require_editor

  3. @require_tenant_admin
     • Ensures the user is a tenant admin (TENANT_ADMIN or SUPERUSER)
     • Redirects with an error if not a tenant admin
     • Enforces the MFA requirement: if policy POLICY_REQUIRE_MFA_TENANT_ADMIN is enabled, tenant admins must have MFA enabled
     • Blocks dashboard access if MFA is not enabled (except demo users and superusers)
     • Usage: @require_tenant_admin

  4. @require_ownership_or_admin(model_class, owner_field)
     • Factory decorator for ownership checks
     • Editors can only access their own content
     • Tenant admins can access all content
     • Usage:
       • @require_ownership_or_admin(Page, 'created_by')
       • @require_ownership_or_admin(Post, 'author')

  5. @require_superuser
     • Ensures the user is a superuser
     • Returns 403 Forbidden if not a superuser
     • Usage: @require_superuser
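The five decorators listed above, and the MFA gate from the TENANT_ADMIN section, written out as an added example in plain Python so the checks can be run without Django. This is not the project's accounts decorator module: the `Request`, `User`, `Response` and `Page` stand-ins, the `objects.get(pk)` lookup, the `/accounts/mfa/setup/` redirect target and the numeric role ranking are assumptions made for this example. Ownership is compared by username, and an object from another tenant is reported as 404 rather than 403 so that a cross-tenant probe learns nothing about the object's existence.

```python
# Added example modelling the documented decorators; not the project's own code.
from dataclasses import dataclass, field
from functools import wraps
from typing import Optional

RANK = {"VIEWER": 0, "EDITOR": 1, "TENANT_ADMIN": 2, "SUPERUSER": 3}
POLICY_REQUIRE_MFA_TENANT_ADMIN = True  # policy flag named in the documentation


@dataclass
class User:                      # stand-in for the Django user (assumption)
    username: str
    roles: dict = field(default_factory=dict)   # tenant slug -> role name
    is_superuser: bool = False
    mfa_enabled: bool = False
    is_demo: bool = False

    def role_in(self, tenant: str) -> Optional[str]:
        return "SUPERUSER" if self.is_superuser else self.roles.get(tenant)


@dataclass
class Request:                   # stand-in for HttpRequest with the tenant resolved
    user: User
    tenant: str


@dataclass
class Response:                  # stand-in for HttpResponse / redirect
    status: int
    location: str = ""           # redirect target when status is 302
    body: str = ""


def _rank(request) -> int:
    role = request.user.role_in(request.tenant)
    return RANK[role] if role else -1      # -1: no membership in this tenant


def require_tenant_access(view):
    @wraps(view)
    def wrapped(request, *args, **kw):
        if _rank(request) < 0:
            return Response(302, location="/")          # redirect to home
        return view(request, *args, **kw)
    return wrapped


def require_editor(view):
    @wraps(view)
    def wrapped(request, *args, **kw):
        if _rank(request) < RANK["EDITOR"]:
            return Response(302, location="/", body="editor role required")
        return view(request, *args, **kw)
    return wrapped


def require_tenant_admin(view):
    @wraps(view)
    def wrapped(request, *args, **kw):
        user = request.user
        if _rank(request) < RANK["TENANT_ADMIN"]:
            return Response(302, location="/", body="tenant admin role required")
        # MFA gate applies to tenant admins only; demo admins and superusers are exempt.
        if (POLICY_REQUIRE_MFA_TENANT_ADMIN and not user.is_superuser
                and not user.is_demo and not user.mfa_enabled):
            return Response(302, location="/accounts/mfa/setup/")   # path assumed
        return view(request, *args, **kw)
    return wrapped


def require_ownership_or_admin(model_class, owner_field: str):
    """Factory: editors may only touch their own objects; tenant admins any object."""
    def decorator(view):
        @wraps(view)
        def wrapped(request, pk, *args, **kw):
            obj = model_class.objects.get(pk)
            if obj is None or obj.tenant != request.tenant:
                return Response(404)                    # never confirm other tenants' rows
            is_admin = _rank(request) >= RANK["TENANT_ADMIN"]
            if not is_admin and getattr(obj, owner_field) != request.user.username:
                return Response(403, body="not the owner")
            return view(request, pk, *args, **kw)
        return wrapped
    return decorator


def require_superuser(view):
    @wraps(view)
    def wrapped(request, *args, **kw):
        if not request.user.is_superuser:
            return Response(403)
        return view(request, *args, **kw)
    return wrapped


# --- constructed fixtures: a Page model with two rows in tenant "acme" ------------
@dataclass
class Page:
    pk: int
    tenant: str
    created_by: str


class _PageStore:
    rows = {1: Page(1, "acme", "erin"), 2: Page(2, "acme", "alice"), 3: Page(3, "other", "erin")}

    def get(self, pk):
        return self.rows.get(pk)


Page.objects = _PageStore()


@require_tenant_access
@require_editor
@require_ownership_or_admin(Page, "created_by")
def edit_page(request, pk):
    return Response(200, body=f"edited page {pk}")


@require_tenant_admin
def tenant_settings(request):
    return Response(200, body="settings")
```

Stacking order matters: `require_tenant_access` runs first and rejects users with no membership before any object is loaded, `require_editor` then rejects viewers, and only then does the ownership factory touch the database. Putting the cheapest, most general check outermost is what makes the "cleaner code" benefit below hold without weakening the checks.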

Benefits

  • Cleaner code - No repetitive permission checks in views
  • Consistent error handling
  • Reusable across all views
  • Easy to maintain and update